<?php

	//XMLRPC implementation
	require_once('xmlrpc_imp.php');
	require_once('db.php');
	require_once('utils.php');
	
	//Remote methods available
	
	$xmlrpc_methods = array("sweetter.check_api_key" => "check_api_key" , 
							"sweetter.get_location" => "get_location" , 
							"sweetter.set_location" => "set_location", 
							"sweetter.get_followers" => "get_followers" , 
							"sweetter.get_followee" => "get_followee" ,
							"sweetter.get_avatar" => "get_avatar",
							"sweetter.add_followee" => "add_followee",
							"sweetter.del_followee" => "del_followee",
							"sweetter.get_karma" => "get_karma",
							"sweetter.get_todo" => "get_todo",
							"sweetter.sweet" => "sweet",
							"sweetter.invalid_method" => "XMLRPC_method_not_found");

	//Parse the request
	$xmlrpc_request = 	XMLRPC_parse($HTTP_RAW_POST_DATA);
	$method_name 	= 	XMLRPC_getMethodName($xmlrpc_request);
	$params 		= 	XMLRPC_getParams($xmlrpc_request);
	
	//Check if method exists
	if(array_key_exists($method_name, $xmlrpc_methods)){
		$xmlrpc_methods[$method_name]($params);
	}
	else{
		$xmlrpc_methods['sweetter.invalid_method']($method_name);
	}
	
	
	/**
	* Utility methods
	**/
	function __get_user_by_api_key__($api_key){
		$sqlQuery = "SELECT name FROM users WHERE api_key='".$api_key."'";
		$res = mysql_query($sqlQuery);
		if(mysql_num_rows($res)!=1) //Check for null api_key value
			return null;
		$row = mysql_fetch_array($res, MYSQL_ASSOC);
		
		return $row["name"];
	}
	
	/**
	* Remote methods definitions
	**/
	
	//Check if API KEY is valid for user
	function check_api_key($params){
		//Check params sanity
		if(count($params)!=2)
			return XMLRPC_response(XMLRPC_prepare(false));
		if(!is_string($params[0]) || strlen($params[0]) > 32 || strlen($params[0]) == 0)
			return XMLRPC_response(XMLRPC_prepare(false));
		if(!is_string($params[1]) || strlen($params[1]) != 20) //API_KEY is always 20 chars length
			return XMLRPC_response(XMLRPC_prepare(false));
			
		$user = htmlspecialchars($params[0]);
		$api_key = htmlspecialchars($params[1]);
		
		$sqlQuery = "SELECT karma FROM users WHERE name='".$user."' AND api_key='".$api_key."'";
		$res = mysql_query($sqlQuery);
		return XMLRPC_response(XMLRPC_prepare(mysql_num_rows($res) == 1));
	}
	
	//Get user avatar
	function get_avatar($params){
		//Check params
		if(count($params)!=1)
			return XMLRPC_response(XMLRPC_prepare(null));
		if(!is_string($params[0]) || strlen($params[0]) > 32 || strlen($params[0]) == 0)
			return XMLRPC_response(XMLRPC_prepare(null));
			
		$user = htmlspecialchars($params[0]);
		
		//Default avatar
		$avatar = "img/none.jpg";
		
		//Get avatar from db
		$sqlQuery = "SELECT avatar FROM users WHERE name='".$user."'";
		$res = mysql_query($sqlQuery);
		if (mysql_num_rows($res) != 1)
			return XMLRPC_response(XMLRPC_prepare(null));
		$row = mysql_fetch_array($res, MYSQL_ASSOC);
		//If user has avatar
		if(isset($row["avatar"]))
			$avatar = $row["avatar"];
			
		return XMLRPC_response(XMLRPC_prepare($avatar));
	}
	
	//Get user location
	function get_location($params){
		//Check params
		if(count($params)!=1)
			return XMLRPC_response(XMLRPC_prepare(null));
		if(!is_string($params[0]) || strlen($params[0]) > 32 || strlen($params[0]) == 0)
			return XMLRPC_response(XMLRPC_prepare(null));
			
		$user = htmlspecialchars($params[0]);
		
		//Get location from db
		$sqlQuery = "SELECT location FROM users WHERE name='".$user."'";
		$res = mysql_query($sqlQuery);
		if (mysql_num_rows($res) != 1)
			return XMLRPC_response(XMLRPC_prepare(null));
		$row = mysql_fetch_array($res, MYSQL_ASSOC);
		
		return XMLRPC_response(XMLRPC_prepare($row["location"]));
	}
	
	//Set user location
	function set_location($params){
		//Check params
		if(count($params)!=2)
			return XMLRPC_response(XMLRPC_prepare(false));
		if(!is_string($params[0]) || strlen($params[0]) != 20)
			return XMLRPC_response(XMLRPC_prepare(false));
		if(!is_string($params[1]) || strlen($params[1]) > 150)
			return XMLRPC_response(XMLRPC_prepare(false));
			
		$api_key = htmlspecialchars($params[0]);
		$location = htmlspecialchars($params[1]);
		
		$name = __get_user_by_api_key__($api_key);
		if($name != null){
			new_user_attrs($name,"location='".$location."'");
			return XMLRPC_response(XMLRPC_prepare(true));
		}
		else{
			return XMLRPC_response(XMLRPC_prepare(false));
		}
	}
	
	//Get followers
	function get_followers($params){
		//Check params
		if(count($params)!=1)
			return XMLRPC_response(XMLRPC_prepare(false));
		if(!is_string($params[0]) || strlen($params[0]) > 32)
			return XMLRPC_response(XMLRPC_prepare(false));
			
		$user = htmlspecialchars($params[0]);
		if(!existsUser($user))
			return XMLRPC_response(XMLRPC_prepare(false));
			
		//Get followers
		$result = know_followers($user);
		
		return XMLRPC_response(XMLRPC_prepare($result));
	}
	
	//Get following
	function get_followee($params){
		//Check params
		if(count($params) !=1)
			return XMLRPC_response(XMLRPC_prepare(false));
		if(!is_string($params[0]) || strlen($params[0]) > 32)
			return XMLRPC_response(XMLRPC_prepare(false));
			
		$user = htmlspecialchars($params[0]);
		if(!existsUser($user))
			return XMLRPC_response(XMLRPC_prepare(false));
			
		//Get the followees
		$result = know_followees($user);
		
		return XMLRPC_response(XMLRPC_prepare($result));
	}
	
	//Add following
	function add_followee($params){
		//Check params
		if(count($params) != 2)
			return XMLRPC_response(XMLRPC_prepare(false));
		if(!is_string($params[0]) || strlen($params[0]) != 20)
			return XMLRPC_response(XMLRPC_prepare(false));
		if(!is_string($params[1]) || strlen($params[1]) > 32)
			return XMLRPC_response(XMLRPC_prepare(false));
			
		$api_key = htmlspecialchars($params[0]);
		$followee = htmlspecialchars($params[1]);
		
		$user = __get_user_by_api_key__($api_key);
		
		//Check followee and user
		if(!existsUser($followee) || $user == null){
			return XMLRPC_response(XMLRPC_prepare(false));
		}
		
		//Check if already following
		$know_followees = know_followers($followee);
		if(!in_array($user, $know_followees)){
			$sqlQuery = "INSERT INTO followers VALUES ('".$user."','".$followee."')";
			$res = mysql_query($sqlQuery);
			
			return XMLRPC_response(XMLRPC_prepare(true));
		}
		else{
			return XMLRPC_response(XMLRPC_prepare(false));
		}
	}
	
	//Del followee
	function del_followee($params){
		//Check params
		if(count($params) != 2)
			return XMLRPC_response(XMLRPC_prepare(false));
		if(!is_string($params[0]) || strlen($params[0]) != 20)
			return XMLRPC_response(XMLRPC_prepare(false));
		if(!is_string($params[1]) || strlen($params[1]) > 32)
			return XMLRPC_response(XMLRPC_prepare(false));
			
		$api_key = htmlspecialchars($params[0]);
		$followee = htmlspecialchars($params[1]);
		
		$user = __get_user_by_api_key__($api_key);
		
		//Check for followee and user
		if(!existsUser($followee) || $user == null){
			return XMLRPC_response(XMLRPC_prepare(false));
		}
		
		//Check if is following
		$know_followees = know_followers($followee);
		if(in_array($user, $know_followees)){
			$sqlQuery = "DELETE FROM followers WHERE follower='".$user."' and followee='".$followee."'";
			$res = mysql_query($sqlQuery);
			
			return XMLRPC_response(XMLRPC_prepare(true));
		}
		else{
			return XMLRPC_response(XMLRPC_prepare(false));
		}
	}
	
	//Get karma
	function get_karma($params){
		//Check params
		if(count($params) !=1)
			return XMLRPC_response(XMLRPC_prepare(null));
		if(!is_string($params[0]) || strlen($params[0]) > 32)
			return XMLRPC_response(XMLRPC_prepare(null));
			
		$user = htmlspecialchars($params[0]);
		
		//Check if user exists
		if(!existsUser($user))
			return XMLRPC_response(XMLRPC_prepare(null));
			
		$karma = intval(know_user_attr($user, "karma"));
		
		return XMLRPC_response(XMLRPC_prepare($karma));
	}
	
	//Get TODO list
	function get_todo($params){
		//Check params
		if(count($params) !=1)
			return XMLRPC_response(XMLRPC_prepare(null));
		if(!is_string($params[0]) || strlen($params[0]) > 32)
			return XMLRPC_response(XMLRPC_prepare(null));
			
		$user = htmlspecialchars($params[0]);
		
		//Check if user exists
		if(!existsUser($user))
			return XMLRPC_response(XMLRPC_prepare(null));
		
		$sqlQuery = "SELECT sweets.comment FROM sweets, todo WHERE todo.asigned='".$user."' AND todo.doit=0 and todo.sweetid=sweets.id";
		$res = mysql_query($sqlQuery);
		$todos = array();
		while($row = mysql_fetch_array($res, MYSQL_ASSOC)){
			$todos[] = $row["comment"];
		}
		
		return XMLRPC_response(XMLRPC_prepare($todos));
	}
	
	//Post a sweet
	function sweet($params){
		//Check params
		if(count($params) != 2)
			return XMLRPC_response(XMLRPC_prepare(false));
		if(!is_string($params[0]) || strlen($params[0]) != 20)
			return XMLRPC_response(XMLRPC_prepare(false));
		if(!is_string($params[1]))
			return XMLRPC_response(XMLRPC_prepare(false));
			
		$api_key = htmlspecialchars($params[0]);
		$comment = htmlspecialchars($params[1]);

		$user = __get_user_by_api_key__($api_key);
		
		if($user == null)
			return XMLRPC_response(XMLRPC_prepare(false));
			
		$chars = userChars($user);
		$sweet = substr($comment,0,$chars);
		
		$sqlQuery = "INSERT INTO sweets (userid, date, comment, votes) values ('".$user."', NOW(), '".$sweet."', 0)";
		mysql_query($sqlQuery);
		return XMLRPC_response(XMLRPC_prepare(true));
	}
	
	//Error, method not found
	function XMLRPC_method_not_found($methodName){
 		XMLRPC_error("2", "The method you requested, '$methodName', was not found.");
	}
?>
